{% extends "siem/base.html" %}

{% block sub-title %}Add Limit Rule | {% endblock %}

{% block content-main %}

<h1>Add Limit Rule</h1>
{% if form.errors %}
<p>There were some errors.</p>

<ul>
    {% for field in form %}
    {% if field.errors %}
    <li>{{ field.label_tag }}: {{ field.errors }}</li>
    {% endif %}
    {% endfor %}
</ul>

{% endif %}

<form action="" method="post">{% csrf_token %}
    <h2>Rule Settings</h2>
    <table>
        <tr>
            <th>Attribute</th><th>Setting</th><th class="left">Description</th>
        </tr>
        <tr>
            <td class="right">Name</td><td class="right">{{ form.name }}</td><td>The rule name.</td>
        </tr>
        <tr>
            <td class="right">Desc</td><td class="right">{{ form.desc }}</td><td>The rule description.</td>
        </tr>
        <tr>
            <td class="right">Enabled?</td><td class="right">{{ form.is_enabled }}</td><td>Whether the rule is enabled.</td>
        </tr>
        <tr>
            <td class="right">Reversed?</td><td class="right">{{ form.reverse_logic }}</td><td>Whether the rule logic is reversed.</td>
        </tr>
        <tr>
            <td class="right">Rule Events?</td><td class="right">{{ form.rule_events }}</td><td>Whether the rule wathes rule events (vs. log events).</td>
        </tr>
        <tr>
            <td class="right">Category</td><td class="right">{{ form.rule_category }}</td><td>The rule category.</td>
        </tr>
        <tr>
            <td class="right">Event Lifespan (local)</td><td class="right">{{ form.local_lifespan_days }}</td><td>The lifespan of resulting events in the local database.</td>
        </tr>
        <tr>
            <td class="right">Event Lifespan (backup)</td><td class="right">{{ form.backup_lifespan_days }}</td><td>The lifespan of backup copies of resulting events.</td>
        </tr>
        <tr>
            <td class="right">Alerts Enabled?</td><td class="right">{{ form.email_alerts }}</td><td>Whether the rule triggers email alerts.</td>
        </tr>
        <tr>
            <td class="right">Email Alert Users</td><td class="right">{{ form.alert_users }}</td><td>Users to alert via email.</td>
        </tr>
        <tr>
            <td class="right">Message</td><td class="right">{{ form.message }}</td><td>The message for events created by the rule.</td>
        </tr>
    </table>

    <h2>Timing and Severity</h2>
    <table>
        <tr>
            <th>Attribute</th><th>Setting</th><th class="left">Description</th>
        </tr>
        <tr>
            <td class="right">Severity</td><td class="right">{{ form.severity }}</td><td>The rule's severity.</td>
        </tr>
        <tr>
            <td class="right">Severity Modifier</td><td class="right">{{ form.severity_modifier }}</td><td>The multiplier for severity when calculating magnitude.</td>
        </tr>
        <tr>
            <td class="right">overkill Modifier</td><td class="right">{{ form.overkill_modifier }}</td><td>The multiplier for overkill ratio when calculating magnitude.</td>
        </tr>
        <tr>
            <td class="right">Time Interval</td><td class="right">{{ form.time_int }}</td><td>The time interval for the rule to monitor.</td>
        </tr>
        <tr>
            <td class="right">Event Limit</td><td class="right">{{ form.event_limit }}</td><td>The number of events to allow before triggering the rule.</td>
        </tr>
    </table>
    <h2>Basic Criteria</h2>
    <table>
        <tr>
            <th>Attribute</th><th>Setting</th><th class="left">Description</th>
        </tr>
        <tr>
            <td class="right">Event Type</td><td class="right">{{ form.event_type }}</td><td>The event type for the rule to monitor.</td>
        </tr>
        <tr>
            <td class="right">Message Filter</td><td class="right">{{ form.message_filter_regex }}</td><td>Search criteria for the event's message attribute (case insensitive regex).</td>
        </tr>
    </table>
    <h2>Log Event Criteria</h2>
    <h3>Basic Filters</h3>
    <table>
        <tr>
            <td class="right">Allowed Log Sources</td><td class="right">{{ form.allowed_log_sources }}</td><td>Number of log sources allowed before triggering an event.</td>
        </tr>
    </table>
    <h3>Regular Expression Filters</h3>
    <p>All regular expression filters use case insensitive regular expressions.</p>
    <table>
        <tr>
            <th>Attribute</th><th>Setting</th><th class="left">Description</th>
        </tr>
        <tr>
            <td class="right">Log Source Filter</td><td class="right">{{ form.log_source_filter_regex }}</td><td>Search criteria for the event's log_source attribute.</td>
        </tr>
        <tr>
            <td class="right">Source Process Filter</td><td class="right">{{ form.process_filter_regex }}</td><td>Search criteria for the event's source_process attribute.</td>
        </tr>
        <tr>
            <td class="right">Action Filter</td><td class="right">{{ form.action_filter_regex }}</td><td>Search criteria for the event's action attribute.</td>
        </tr>
        <tr>
            <td class="right">Interface Filter</td><td class="right">{{ form.interface_filter_regex }}</td><td>Search criteria for the event's interface attribute.</td>
        </tr>
        <tr>
            <td class="right">Status Filter</td><td class="right">{{ form.status_filter_regex }}</td><td>Search criteria for the event's status attribute.</td>
        </tr>
        <tr>
            <td class="right">Source Host Filter</td><td class="right">{{ form.source_host_filter_regex }}</td><td>Search criteria for the event's source_host attribute.</td>
        </tr>
        <tr>
            <td class="right">Source Port Filter</td><td class="right">{{ form.source_port_filter_regex }}</td><td>Search criteria for the event's source_port attribute.</td>
        </tr>
        <tr>
            <td class="right">Dest Host Filter</td><td class="right">{{ form.dest_host_filter_regex }}</td><td>Search criteria for the event's dest_host attribute.</td>
        </tr>
        <tr>
            <td class="right">Dest Port Filter</td><td class="right">{{ form.dest_port_filter_regex }}</td><td>Search criteria for the event's dest_port attribute.</td>
        </tr>
        <tr>
            <td class="right">Source User Filter</td><td class="right">{{ form.source_user_filter_regex }}</td><td>Search criteria for the event's source_user attribute.</td>
        </tr>
        <tr>
            <td class="right">Target User Filter</td><td class="right">{{ form.target_user_filter_regex }}</td><td>Search criteria for the event's target_user attribute.</td>
        </tr>
        <tr>
            <td class="right">Command Filter</td><td class="right">{{ form.command_filter_regex }}</td><td>Search criteria for the event's command attribute.</td>
        </tr>
        <tr>
            <td class="right">Path Filter</td><td class="right">{{ form.path_filter_regex }}</td><td>Search criteria for the event's path attribute.</td>
        </tr>
        <tr>
            <td class="right">Parameters Filter</td><td class="right">{{ form.parameters_filter_regex }}</td><td>Search criteria for the event's parameters attribute.</td>
        </tr>
        <tr>
            <td class="right">Referrer Filter</td><td class="right">{{ form.referrer_filter_regex }}</td><td>Search criteria for the event's referrer attribute.</td>
        </tr>
        <tr>
            <td class="right">Raw Text Filter</td><td class="right">{{ form.raw_text_filter_regex }}</td><td>Search criteria for the raw event.</td>
        </tr>
    </table>
    <h3>List Matching</h3>
    <table>
        <tr>
            <th>Attribute</th><th>Setting</th><th class="left">Description</th>
        </tr>
        <tr>
            <td class="right">Match List File Path</td><td class="right">{{ form.match_list_path }}</td><td>The path for the match list file on the LogESP server.</td>
        </tr>
        <tr>
            <td class="right">Match Field</td><td class="right">{{ form.match_field }}</td><td>The event field to compare to the match list.</td>
        </tr>
        <tr>
            <td class="right">Allow List</td><td class="right">{{ form.match_allowlist }}</td><td>Use list as allowlist instead of blocklist.</td>
        </tr>
    </table>
    <h2>Rule Event Criteria</h2>
    <table>
        <tr>
            <th>Attribute</th><th>Setting</th><th class="left">Description</th>
        </tr>
        <tr>
            <td class="right">Magnitude Filter</td><td class="right">{{ form.magnitude_filter }}</td><td>The minimum magnitude required to set off the rule.</td>
        </tr>
        <tr>
            <td class="right">Rule Name Filter</td><td class="right">{{ form.rulename_filter_regex }}</td><td>Search criteria for the name of the event's source rule.</td>
        </tr>
    </table>
    <input type="submit" value="Save" />
</form>

{% endblock %}
